I downloaded and compiled SAMBA v 2.2.7. I followed the Squid FAQ and added --with-winbind & --with-winbind-auth-challange. Both wbinfo -t and wbinfo -s ,domain>+<user>%<password> were good.
smb.conf:
[global]
smb passwd file = /usr/local/samba//etc/smbpasswd
passwd program = /usr/bin/passwd %u
pam password change = yes
printing = lprng
dns proxy = no
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
max log size = 0
obey pam restrictions = yes
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
# security = user
unix password sync = Yes
server string = Samba Server
log file = /var/log/samba/%m.log
load printers = yes
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
workgroup = MVN_NT
security = domain
password server = *
winbind use default domain = yes
I'm using squid v2.5.STABLE1 and I compiled it using the configure options listed in the FAQ.
squid.conf
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group
acl ProxyUsers external NT_global_group CTX-InternetDL
acl InternetUsers proxy_auth REQUIRED
http_access allow InternetUsers ProxyUsers
Running wb_auth manually works, but wb_group doesn't.
access.log
1037825482.682 2 172.19.10.20 TCP_DENIED/403 1365 GET http://www.ugu.com/ skern NONE/- text/html
>>> Henrik Nordstrom <hno@squid-cache.org> 11/20/02 03:32PM >>>
We only support 2.2.4 or later.. see the Squid FAQ.
wb_auth and wb_group might MAYBE work if you copy the winbind files from
the samba sources you are using like instructed in the FAQ for Samba
2.6/3.0, but no guarantees. Such setup is not tested at all.
wbntlm_auth cannot work with Samba 2.2.3.
Regards
Henrik
ons 2002-11-20 klockan 20.34 skrev Scott Kern:
> Samba version is 2.2.3a
>
> wbinfo -t works
>
> wbinfo -a <domain>+<user>%<password>
> plaintext password authentication succeeded
> challenge/response password authentication failed
> Could not authenticate user <domain>+<user>%<password> with challenge/response
>
> I tried using wb_group manually with no success, but I'm not sure I'm doing if right. I tried <domain>+<user> <group>, but I get ERR.
>
> wb_auth fails, I may have to rebuild squid, I noticed something I don't think I added to the configure command line.
>
> Thank you for your help.
> >>> Henrik Nordstrom <hno@squid-cache.org> 11/20/02 01:30PM >>>
> Which Samba version?
>
> Have you made the tests recommended in the Squid FAQ?
>
> * Does "wbinfo -t" and "wbinfo -a domain\\user" work?
>
> * Have you tested wb_auth manually?
>
> Regards
> Henrik
>
>
>
> ons 2002-11-20 klockan 17.22 skrev Scott Kern:
> > Thank you very much for the help.
> >
> > I added the following and squid starts without any errors. One problem down, many more to go. :)
> >
> > Now authenticating from the browser fails. I'm using Netscape 4.79 on a system running Red Hat 7.3. I'm entering my Windows user name and password or do I need to add the domain or group?
> >
> > The access.log entry is:
> > 1037809148.392 3 172.19.10.20 TCP_DENIED/407 1750 GET http://www.rootprompt.org/ - NONE/- text/html
> >
> > Which looks like the user name isn't being passed on.
>
>
Received on Thu Nov 21 2002 - 10:18:03 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:29 MST